CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

The vulnerability of the write_indexes() function in the GdkPixbuf image loading library allows a attacker to cause a service failure.

The vulnerability of the GdkPixbuf image loading library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...

UBUNTU-CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...

CVE-2018-11921

The CVE-2018-11921 entry concerns a failure-condition handling defect that fails to return the correct error code. Affects Snapdragon family components across numerous SoCs (e.g., MDM9206, MDM9607, MDM9650, MSM8996AU, SD/SDX-series, SDA-series, SXR1130) and can cause unintended SUI behavior or di...